Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Windows TCP/IP vulnerability could allow escalation of privilege


Report ID: MS201205004
Date Published: 9 May 2012

Criticality: Important
Compromise Type: security-bypass privilege-escalation
Compromise From: local-network local-system


Affected Product/Component:

Windows Vista 
Windows Server 2008
Windows 7
Windows Server 2008 R2




Summary

Two vulnerabilities reported in Microsoft Windows could allow security bypass and escalation of privilege on an affected system.



Detailed Description

Microsoft has released a security update to address two reported vulnerabilities in Microsoft Windows. The first vulnerability was caused by Windows Firewall's failure to properly filter outbound broadcast packets. Upon successful exploit, it could allow an attacker to bypass Windows Firewall to facilitate the exploitation of other vulnerabilities.

The second reported vulnerability could allow an attacker to execute arbitrary code with escalated privileges. It was caused by Windows TCP/IP stack's failure to properly handle the binding of an IPv6 address to a local interface.

The two issues have been fixed in the latest security update for Microsoft Windows. The update introduces modifications in the way that Windows Firewall handles outbound broadcast packets, and the way that Windows TCP/IP handles the binding of an IPv6 address to a local interface. Users are recommended to install this update as a protection measure against potential exploit attempts.

 



CVE Reference

CVE-2012-0174
CVE-2012-0179



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-032)



Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.